Politique de confidentialité

Politique de confidentialité / Privacy Policy

Dernière mise à jour / Last updated: 5 mai 2026 / May 5, 2026

Note : Cette politique couvre à la fois le site e-commerce aromatiza.fr et notre application interne « Aromatiza » utilisée pour publier nos vidéos de marque sur les plateformes sociales (TikTok, Facebook, Instagram, Pinterest, YouTube, X). / This policy covers both the aromatiza.fr e-commerce website and our internal "Aromatiza" application used to publish our brand videos on social platforms.

English version

1. Data Controller

SARL CIGTRONIC (operator of aromatiza.fr and the Aromatiza app)
ZA du Bois Saint Ladre, 89200 Avallon, France
RCS Auxerre: 79409252800064 — VAT: FR82794092528
Phone: +33 9 73 63 10 33 — Email: sarl.cigtronic@orange.fr
French CNIL declaration #1730315 v 0

2. Scope

This Privacy Policy applies to: (a) the aromatiza.fr e-commerce website, and (b) the internal "Aromatiza" application that we operate to publish our own brand videos on our official social media accounts via OAuth integrations (TikTok, Facebook, Instagram, Pinterest, YouTube, X).

3. Personal Data Collected on the Website

  • Account data: name, email, hashed password
  • Order data: billing/shipping address, phone number
  • Payment data: handled exclusively by our payment provider; we never store card numbers
  • Browsing data: IP, browser type, pages visited (via cookies)
  • Communication data: messages sent through our contact form or by email

4. Data Collected via Social Platform APIs (TikTok, Meta, Pinterest, Google, X)

Our internal application uses official APIs of social platforms to publish OUR OWN brand videos to OUR OWN official accounts. We do NOT collect, process or store any third-party user data via these APIs. Below is the detailed breakdown for each platform.

4.1 TikTok (TikTok for Developers API)

App name: Aromatiza. Client key visible at developers.tiktok.com (app ID 7634118600508344327). We use OAuth 2.0 with the following scopes; data obtained is described below scope by scope:

  • user.info.basicData obtained: open_id, display_name, avatar_url of the TikTok account that owns the app (i.e. our own brand account, not third-party users). Use within the app: solely to confirm that the OAuth access token is bound to the expected account before publishing videos. Storage: this profile information is NOT persisted in any database; it is read once during the OAuth callback and discarded. Only the encrypted access_token and refresh_token are stored, in our self-hosted n8n orchestrator (HTTPS, encrypted at rest), tied to the operator's account. Sharing: never shared with third parties. Retention: until the access token is revoked by the operator or expires.
  • video.uploadData sent to TikTok: a video file (mp4, 8-15s, 9:16) hosted on our Cloudinary CDN, plus a caption and hashtags written by us. Use: exclusively to upload our own brand video to our own TikTok account. No third-party user data is sent. Retention: the video is owned and managed by us on our TikTok account.
  • video.publishData sent to TikTok: the video_id obtained at the upload step plus our caption. Use: exclusively to publish the previously uploaded video on our own TikTok account. No third-party user data.

The Aromatiza app is for internal use only by SARL CIGTRONIC administrators. End users (third parties) do not authenticate with this app.

4.2 Meta (Facebook & Instagram Graph API)

We use a Facebook Page access token (scope pages_manage_posts) to publish our own video and photo content to our official Facebook Page and Instagram Business account. We do not access user data of visitors or followers.

4.3 Other platforms

Same model for Pinterest (scope pins:write,boards:read), YouTube (scope youtube.upload), X (scope tweet.write): we publish our own content to our own accounts, no third-party user data is processed.

5. Purposes of Processing

  • Process and ship your orders
  • Manage your customer account and provide support
  • Send you product updates (only with your consent)
  • Improve our website and services
  • Comply with legal and accounting obligations
  • Prevent fraud and abuse
  • Publish our own brand videos on our own social accounts (no third-party data involved)

6. Legal Basis

  • Performance of the sales contract (orders, deliveries)
  • Your consent (newsletter, marketing cookies)
  • Our legitimate interest (security, app improvements)
  • Compliance with legal obligations (invoices, accounting)

7. Recipients

  • Our hosting provider: o2switch (France)
  • Our payment providers (PayPal, banks)
  • Our shipping carriers (La Poste, Colissimo, etc.)
  • Social platforms (TikTok, Meta, Pinterest, YouTube, X) ONLY when we publish our own brand content — no customer data is shared
  • Government authorities in case of legal obligation

Your data is never sold to third parties.

8. Retention Periods

  • Customer account: duration of registration plus 3 years of inactivity
  • Order/billing data: 10 years (accounting obligation)
  • Marketing prospects: 3 years from last contact
  • Cookies: maximum 13 months
  • OAuth tokens for social platforms: until revocation or expiration

9. Your Rights

Under GDPR, you have the right to: access, rectification, erasure ("right to be forgotten"), restriction, portability, objection, and to withdraw consent at any time.

To exercise these rights: sarl.cigtronic@orange.fr or by mail to SARL CIGTRONIC, ZA du Bois Saint Ladre, 89200 Avallon, France.

10. Cookies

Our site uses cookies for: site functionality (cart, session, security — essential, no consent required), audience measurement (anonymized), and personalization (with your consent). You can refuse or delete cookies at any time via your browser settings.

11. Security

We implement appropriate technical and organizational measures to protect your data: HTTPS encryption, hashed passwords, regular backups, restricted admin access.

12. International Transfers

Some of our providers (notably TikTok, Meta, Google) may process data outside the EU. Such transfers are governed by Standard Contractual Clauses or adequacy decisions of the European Commission.

13. Complaints

If you believe the processing of your data is not compliant, you may lodge a complaint with the French data protection authority CNIL: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France — www.cnil.fr

14. Changes

We reserve the right to modify this policy. The "Last updated" date is shown at the top. For any question: sarl.cigtronic@orange.fr

Version française

1. Responsable du traitement

SARL CIGTRONIC (éditeur de aromatiza.fr et de l'application Aromatiza)
ZA du Bois Saint Ladre, 89200 Avallon, France
RCS Auxerre : 79409252800064 — TVA : FR82794092528
Téléphone : 09 73 63 10 33 — E-mail : sarl.cigtronic@orange.fr
N° CNIL : 1730315 v 0

2. Champ d'application

Cette politique s'applique : (a) au site e-commerce aromatiza.fr, et (b) à l'application interne « Aromatiza » que nous utilisons pour publier nos propres vidéos de marque sur nos comptes officiels via les API OAuth (TikTok, Facebook, Instagram, Pinterest, YouTube, X).

3. Données personnelles collectées sur le site

  • Compte : nom, e-mail, mot de passe (chiffré)
  • Commande : adresse de facturation et de livraison, téléphone
  • Paiement : traité par notre prestataire ; nous ne stockons jamais les numéros de carte
  • Navigation : IP, navigateur, pages visitées (cookies)
  • Communication : contenu des messages envoyés

4. Données collectées via les API des plateformes sociales

Notre application utilise les API officielles pour publier NOS PROPRES vidéos sur NOS PROPRES comptes officiels. Nous ne collectons aucune donnée d'utilisateur tiers via ces API.

4.1 TikTok (TikTok for Developers API)

Application : Aromatiza (ID 7634118600508344327). Scopes utilisés :

  • user.info.basicDonnée récupérée : open_id, display_name, avatar_url du compte TikTok propriétaire (notre compte de marque, pas un utilisateur tiers). Utilisation : vérifier que le jeton OAuth est lié au compte attendu. Stockage : aucune donnée de profil n'est conservée en base ; seul le jeton chiffré est gardé dans notre orchestrateur n8n. Partage : aucun. Conservation : jusqu'à révocation ou expiration du jeton.
  • video.uploadDonnées envoyées : un fichier vidéo (mp4, 8-15s, 9:16) hébergé sur Cloudinary, plus légende et hashtags rédigés par nous. Utilisation : téléverser exclusivement nos propres vidéos.
  • video.publishDonnées envoyées : video_id obtenu à l'upload + notre légende. Utilisation : publier exclusivement nos propres vidéos.

L'application Aromatiza est réservée à un usage interne par les administrateurs SARL CIGTRONIC. Aucun utilisateur tiers ne s'authentifie via cette application.

4.2 Autres plateformes

Même modèle pour Meta, Pinterest, YouTube, X : nous publions notre propre contenu sur nos propres comptes ; aucune donnée d'utilisateur tiers n'est traitée.

5. Vos droits

Conformément au RGPD : accès, rectification, effacement, limitation, portabilité, opposition, retrait du consentement. Pour exercer : sarl.cigtronic@orange.fr.

6. Réclamations

CNIL : 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 — www.cnil.fr